Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,669
Erlang
34
GitHub Actions
26
Go
2,261
Maven
5,000+
npm
3,910
NuGet
704
pip
3,680
Pub
12
RubyGems
915
Rust
943
Swift
38
Unreviewed advisories
All unreviewed
5,000+

275,726 advisories

Loading
CAE LearningSpace Enterprise (with Intuity License) image 267r patch 639 allows DOM XSS, related... Moderate Unreviewed
CVE-2022-45472 was published Nov 23, 2022
NETSCOUT nGeniusONE before 6.4.0 b2350 has a Sensitive File Accessible Without Proper... Unknown Unreviewed
CVE-2025-32986 was published Apr 25, 2025
NETSCOUT nGeniusONE before 6.4.0 b2350 has a Weak Sudo Configuration. Unknown Unreviewed
CVE-2025-32980 was published Apr 25, 2025
NETSCOUT nGeniusONE before 6.4.0 b2350 has Hardcoded Credentials that can be obtained from JAR... Unknown Unreviewed
CVE-2025-32985 was published Apr 25, 2025
NETSCOUT nGeniusONE before 6.4.0 b2350 allows local users to leverage Insecure Permissions for... Unknown Unreviewed
CVE-2025-32981 was published Apr 25, 2025
An issue in Mytel Telecom Online Account System v1.0 allows attackers to bypass the OTP... High Unreviewed
CVE-2025-28128 was published Apr 25, 2025
NETSCOUT nGeniusONE before 6.4.0 b2350 has a Broken Authorization Schema for the report module. Unknown Unreviewed
CVE-2025-32982 was published Apr 25, 2025
ScreenConnect versions 25.2.3 and earlier versions may be susceptible to a ViewState code... High Unreviewed
CVE-2025-3935 was published Apr 25, 2025
AeroCMS v0.0.1 was discovered to contain a SQL Injection vulnerability via the p_id parameter at ... High Unreviewed
CVE-2022-45331 was published Nov 22, 2022
The MPL-Publisher WordPress plugin is vulnerable to Stored Cross-Site Scripting due to... Moderate Unreviewed
CVE-2021-39343 was published May 24, 2022
NETSCOUT nGeniusONE before 6.4.0 b2350 allows Arbitrary File Creation by authenticated users. Unknown Unreviewed
CVE-2025-32979 was published Apr 25, 2025
The Icegram Express WordPress plugin before 5.7.50 does not sanitise and escape some of its... Moderate Unreviewed
CVE-2025-0671 was published Apr 25, 2025
oc_huff_tree_unpack in huffdec.c in libtheora in Theora through 1.0 7180717 has an invalid... Critical Unreviewed
CVE-2024-56431 was published Dec 25, 2024
Web-Based Student Clearance System v1.0 was discovered to contain a cross-site scripting (XSS)... Moderate Unreviewed
CVE-2022-45221 was published Nov 29, 2022
A logical issue in O_getOwnPropertyDescriptor() in Artifex MuJS 1.0.0 through 1.3.1 allows an... High Unreviewed
CVE-2022-44789 was published Nov 23, 2022
qpress before PierreLvx/qpress 20220819 and before version 11.3, as used in Percona XtraBackup... Moderate Unreviewed
CVE-2022-45866 was published Nov 23, 2022
FileCloud Versions 20.2 and later allows remote attackers to potentially cause unauthorized... High Unreviewed
CVE-2022-39833 was published Nov 23, 2022
Automotive Shop Management System v1.0 is vulnerable to Delete any file via /asms/classes/Master... Moderate Unreviewed
CVE-2022-44280 was published Nov 23, 2022
TOTOLINK NR1800X V9.1.0u.6279_B20210910 contains a command injection via the ussd parameter in... Critical Unreviewed
CVE-2022-44251 was published Nov 23, 2022
An issue was discovered in Insyde InsydeH2O with kernel 5.0 through 5.5. A stack buffer overflow... High Unreviewed
CVE-2022-36337 was published Nov 23, 2022
A command injection vulnerability has been found on D-Link DIR-823G devices with firmware version... Critical Unreviewed
CVE-2022-44808 was published Nov 22, 2022
AeroCMS v0.0.1 was discovered to contain a SQL Injection vulnerability via the Category parameter... High Unreviewed
CVE-2022-45330 was published Nov 22, 2022
Elsight – Elsight Halo Remote Code Execution (RCE) Elsight Halo web panel allows us to perform... Critical Unreviewed
CVE-2022-36784 was published Jul 6, 2023
Microweber vulnerable to cross-site scripting (XSS) Moderate
CVE-2022-0698 was published for microweber/microweber (Composer) Nov 25, 2022
blosc2 heap-based buffer overflow High
CVE-2020-29367 was published for blosc2 (pip) May 24, 2022
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database